Abstract. We refine a model for linear logic based on two well-known ingredients: games and simulations. We have already shown that usual simulation relations form a sound notion of morphism between games, and that we can interpret all of linear logic in this way. One particularly interesting point is that we interpret multiplicative connectives by synchronous operations on games.

We refine this work by giving computational content to our simulation relations. To achieve that, we need to restrict to intuitionistic linear logic. This allows us to work in a constructive setting, thus keeping a computational content to the proofs.

We then extend it by showing how to interpret some of the additional structure of the exponentials.

To be more precise, we first give a denotational model for the typed λ-calculus, and then give a denotational model for the differential λ-calculus of Ehrhard and Regnier. Both these models are proved correct constructively.



Introduction 

Transition systems and simulation relations are well-known tools in computer science. More recent is the use of games to give models for different programming languages [11912], or as an interesting tool for the study of other programming notions [3]. We have devised in [T^] a denotational model of linear logic based on those two ideas. Basically, a formula was interpreted by an alternating transition system (called an interaction system) and a proof was interpreted by a safety property for this interaction system. Those concepts, which were primarily developed to model imperative programming and interfaces, turned out to be a rather interesting games model: a formula is interpreted by a game (the interaction system), and a proof by a "non-losing strategy" (the safety property).

Part of the interest is that the notion of safety property is very simple: it is only a subset of the set of states. However, in terms of games, the associated strategy (whose existence is guaranteed by the condition satisfied by the subset of states) is usually not computable. We will show that it is possible to overcome this problem by restricting to intuitionistic linear logic. More precisely, we will model typed λ-calculus (seen as a subsystem of intuitionistic linear logic) within a constructive setting. The model for full intuitionistic linear logic (ILL) can easily be derived from the present work and the additive connectives defined in [T^].



The structure of safety properties is in fact richer than the structure of λ-terms. In particular, safety properties are closed under unions. Since there is no sound notion of "logical sum" of proofs, this doesn't reflect a logical property. However, it is important in programming since it can be used to interpret non-determinism. The differential λ-calculus of Ehrhard and Regnier ([6]) is an extension of the λ-calculus which has a notion of non-deterministic sum. We show how to interpret this additional structure.

1 Interaction Systems 

1.1 The Category of Interaction Systems 

We briefly recall the important definitions. For more motivations, we refer to [8] 
and [Tg. 

Definition 1. Let $S$ be a set (of states); an interaction system on $S$ is given by the following data:

- for each $s \in S$, a set $A(s)$ of possible actions;

- for each $a \in A(s)$, a set $D(s, a)$ of possible reactions to $a$;

- for each $d \in D(s, a)$, a new state $n(s, a, d) \in S$.

We usually write $s[a/d]$ instead of $n(s, a, d)$.

Following standard practice within computer science, we distinguish the two "characters" by calling them the Angel (choosing actions, hence the A) and the Demon (choosing reactions, hence the D). Depending on the authors' background, other names could be Player and Opponent, Eloise and Abelard, Alice and Bob, Master and Slave, Client and Server, System and Environment, etc.

One of the original goals for interaction systems (Hancock) was to represent real-life programming interfaces. Here is for example the interface of a stack of booleans:

- $S = \mathrm{List}(\mathbf{B})$;

- $A(\_) = \{\mathrm{Push}(b) \mid b \in \mathbf{B}\} \cup \{\mathrm{Pop}\}$;

- $D(\_, \mathrm{Push}(b)) = \{*\}$, $D([\,], \mathrm{Pop}) = \{\mathrm{error}\}$, $D(b : s, \mathrm{Pop}) = \{*\}$;

- $n(s, \mathrm{Push}(b)) = b : s$, $n([\,], \mathrm{Pop}, \mathrm{error}) = [\,]$, $n(b : s, \mathrm{Pop}) = s$.

This gives in full detail the specification of the stack interface. This is more precise than classical interfaces, which are usually given by a collection of types. Compare with this poor description of stacks:

- Pop : $\mathbf{B}$

- Push : $\mathbf{B} \to$

which doesn't specify what the commands actually do, but only tells how they can be used.



The notion of morphism between such interaction systems is an extension of 
the usual notion of simulation relation: 

Definition 2. If $w_1$ and $w_2$ are two interaction systems on $S_1$ and $S_2$ respectively, a relation $r \subseteq S_1 \times S_2$ is called a simulation if:

$$(s_1, s_2) \in r \ \Rightarrow\ (\forall a_1 \in A_1(s_1))\,(\exists a_2 \in A_2(s_2))\,(\forall d_2 \in D_2(s_2, a_2))\,(\exists d_1 \in D_1(s_1, a_1))\quad (s_1[a_1/d_1],\, s_2[a_2/d_2]) \in r .$$

This definition is very similar to the usual definition of simulation relation between labelled transition systems, but adds one layer of quantifiers to deal with reactions. That $(s_1, s_2) \in r$ means that "$s_2$ simulates $s_1$". By extension, if $a_2$ is a witness to the first existential quantifier, we say that "$a_2$ simulates $a_1$". Note that the empty relation is always a simulation. In practice, to prevent this degenerate case, we would add a notion of initial state(s) and require that initial states are related through the simulation.

To continue on the previous example, programming a stack interface amounts to implementing the stack commands using a lower level interface (arrays and pointers for example). If we interpret the quantifiers constructively, this amounts to providing a (constructive) proof that a non-empty relation is a simulation from this lower level interaction system to stacks. (See [8] for a more detailed description of programming in terms of interaction systems.)

Recall that the composition of two relations is given by:

$$(s_1, s_3) \in r_2 \cdot r_1 \iff (\exists s_2)\ (s_1, s_2) \in r_1 \text{ and } (s_2, s_3) \in r_2 .$$

It should be obvious that the composition of two simulations is a simulation and that the equality relation is a simulation from any $w$ to itself. Thus, we can put:

Definition 3. We call Int the category of interaction systems with simulations.

Note that everything has a computational content: the composition of two simulations is just given by the composition of the two "algorithms" simulating $w_3$ by $w_2$ and $w_2$ by $w_1$; and the algorithm for the identity from $w$ to $w$ is simply the "copycat" strategy.

1.2 Notation

Before diving into the structure of interaction systems, let's detail some of the notation.

— An element of the indexed cartesian product $\prod_{a \in A} D(a)$ is given by a function $f$ taking any $a \in A$ to an $f(a)$ in $D(a)$. When the set $D(a)$ doesn't depend on $a$, it amounts to a function $f : A \to D$.

— An element of the indexed disjoint sum $\sum_{a \in A} D(a)$ is given by a pair $(a, d)$ where $a \in A$ and $d \in D(a)$. When the set $D(a)$ doesn't depend on $a$, this is simply the cartesian product $A \times D$.

— We write $\mathrm{List}(S)$ for the set of "lists" over the set $S$. A list is simply a tuple $(s_1, s_2, \ldots, s_n)$ of elements of $S$. The empty list is denoted $()$.

— The collection $\mathcal{M}_f(S)$ of finite multisets over $S$ is the quotient of $\mathrm{List}(S)$ by permutations. We write $[s_1, \ldots, s_n]$ for the equivalence class containing $(s_1, \ldots, s_n)$. We write "$+$" for the sum of multisets. It simply corresponds to concatenation on lists.

Concerning the product and sum operators, it should be noted that they have a computational content if one works in a constructive setting: an element of $\prod_{a \in A} D(a)$ is an algorithm with input $a \in A$ and output $f(a) \in D(a)$; and an element of $\sum_{a \in A} D(a)$ is simply a pair as above. This is in fact the basis of dependent type theory frameworks like Martin-Löf's type theory or the calculus of constructions.

Remark: even if it was an important motivation for this work, we do not insist too much on the "constructive mathematics" part. Readers familiar with constructive frameworks should easily see that everything makes computational sense; and classical readers can skip the comments about computational content.

1.3 Constructions 

We now define the connectives of multiplicative exponential linear logic. With those, making Int into a denotational model of intuitionistic multiplicative exponential linear logic more or less amounts to showing that it is symmetric monoidal closed, with a well behaved comonad.

Constant. A very simple, yet important interaction system is "skip", the interaction system without interaction. Following the linear logic convention, we call it $\bot$:

Definition 4. Define $\bot$ (or skip) to be the following interaction system on the singleton set $\{*\}$:

    $A_\bot(*) = \{*\}$
    $D_\bot(*, *) = \{*\}$
    $n_\bot(*, *, *) = \{*\}$ .

Depending on the context, this interaction system is also denoted by $1$.

Note that it is very different from the two following interaction systems (on the same set of states) which respectively deadlock the Angel and the Demon:

    $A_a(*) = \emptyset$                 $A_d(*) = \{*\}$

    $n_a(*, \_, \_) = \_$              $n_d(*, *, \_) = \_$ .

Those two systems play an important role in the general theory of interaction systems (the first one is usually called abort, while the second one is usually called magic) but they do not appear in the model presented below.



Synchronous Product. There is an obvious product construction reminiscent of the synchronous product found in SCCS (synchronous calculus of communicating systems, [13]):

Definition 5. Suppose $w_1$ and $w_2$ are interaction systems on $S_1$ and $S_2$. Define the interaction system $w_1 \otimes w_2$ on $S_1 \times S_2$ as follows:

    $A_{w_1 \otimes w_2}((s_1, s_2)) = A_1(s_1) \times A_2(s_2)$

    $D_{w_1 \otimes w_2}((s_1, s_2), (a_1, a_2)) = D_1(s_1, a_1) \times D_2(s_2, a_2)$

    $n_{w_1 \otimes w_2}((s_1, s_2), (a_1, a_2), (d_1, d_2)) = (s_1[a_1/d_1],\, s_2[a_2/d_2])$ .

This is the synchronous parallel composition of $w_1$ and $w_2$: the Angel and the Demon exchange pairs of actions/reactions.

For any sensible notion of morphism, skip should be a neutral element for this product. It is indeed the case, for the following reason: the components of $w \otimes \text{skip}$ and $w$ are isomorphic by dropping the second (trivial) coordinate:

    $w \otimes 1$                                              $w$

    $S \times \{*\}$                                           $S$

    $A((s, *)) = A(s) \times \{*\}$                            $A(s)$

    $D((s, *), (a, *)) = D(s, a) \times \{*\}$                 $D(s, a)$

    $n((s, *), (a, *), (d, *)) = (s[a/d], *)$                  $s[a/d]$

This implies trivially that $\{((s, *), s) \mid s \in S\}$ is an isomorphism. For similar reasons, this product is transitive and commutative.

Lemma 1. "$\_ \otimes \_$" is a commutative tensor product in the category Int. Its action on morphisms is given by:

$$((s_1, s_1'), (s_2, s_2')) \in r \otimes r' \iff (s_1, s_2) \in r \text{ and } (s_1', s_2') \in r' .$$

Checking that $r \otimes r'$ is indeed a simulation is easy.

Note that not every isomorphism (in the category Int) is of this form: it is quite simple to find isomorphic interaction systems with non-isomorphic components.†

Linear Arrow. The definition of the interaction system $w_1 \multimap w_2$ is not as obvious as the definition of the tensor ($\otimes$):

Definition 6. If $w_1$ and $w_2$ are interaction systems on $S_1$ and $S_2$, define the interaction system $w_1 \multimap w_2$ on $S_1 \times S_2$ as follows:

    $A((s_1, s_2)) = \sum_{f \in A_1(s_1) \to A_2(s_2)} \ \prod_{a_1 \in A_1(s_1)} D_2(s_2, f(a_1)) \to D_1(s_1, a_1)$

    $D((s_1, s_2), (f, G)) = \sum_{a_1 \in A_1(s_1)} D_2(s_2, f(a_1))$

    $n((s_1, s_2), (f, G), (a_1, d_2)) = (s_1[a_1/G_{a_1}(d_2)],\, s_2[f(a_1)/d_2])$ .

† In the finite case, one can duplicate a command $a$ into $a_1$ and $a_2$ to obtain sets of commands of different cardinality.



It may seem difficult to get some intuition about this interaction system; but it is a posteriori quite natural (see Proposition 1):

— An action in state $(s_1, s_2)$ is given by:

(1) a function $f$ (the index for the element of the disjoint sum) translating actions from $s_1$ into actions from $s_2$;

(2) for any action $a_1$, a function $G_{a_1}$ translating reactions to $f(a_1)$ into reactions to $a_1$.

— A reaction to such a "translating mechanism" is given by:

(1) an action $a_1$ in $A_1(s_1)$ (which we want to simulate);

(2) and a reaction $d_2$ in $D_2(s_2, f(a_1))$ (which we want to translate back).

— Given such a reaction, we can simulate $a_1$ by $a_2 \in A_2(s_2)$ obtained by applying $f$ to $a_1$; and translate back $d_2$ into $d_1 \in D_1(s_1, a_1)$ by applying $G_{a_1}$ to $d_2$. The next state is just the pair of states $s_1[a_1/d_1]$ and $s_2[a_2/d_2]$.

It thus looks like the interaction system $w_1 \multimap w_2$ is related to simulations from $w_1$ to $w_2$. It is indeed the case:

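Proposition 1. In Int, "$\_ \otimes w$" is left adjoint to "$w \multimap \_$".

Proof. The proof is not really difficult, but is quite painful to write (or read). Here is an attempt.

Note that the following form of the axiom of choice is constructively valid:†

$$\mathrm{AC}:\quad (\forall a \in A)\,(\exists d \in D(a))\ \varphi(a, d) \ \Rightarrow\ \Big(\exists f \in \prod_{a \in A} D(a)\Big)\,(\forall a \in A)\ \varphi(a, f(a))$$

When the domain $D(a)$ for the existential quantifier doesn't depend on $a \in A$, we can simplify it into:

$$\mathrm{AC}:\quad (\forall a \in A)\,(\exists d \in D)\ \varphi(a, d) \ \Rightarrow\ (\exists f \in A \to D)\,(\forall a \in A)\ \varphi(a, f(a))$$

In the sequel, the part of the formula being manipulated will be written in bold. That $r$ is a simulation from $w_1 \otimes w_2$ to $w_3$ takes the form:‡

$$\begin{aligned}
(s_1, s_2, s_3) \in r \ \Rightarrow\ & (\forall a_1 \in A_1(s_1))\,\boldsymbol{(\forall a_2 \in A_2(s_2))\,(\exists a_3 \in A_3(s_3))} \\
& (\forall d_3 \in D_3(s_3, a_3)) \\
& (\exists d_1 \in D_1(s_1, a_1))\,(\exists d_2 \in D_2(s_2, a_2)) \\
& (s_1[a_1/d_1],\, s_2[a_2/d_2],\, s_3[a_3/d_3]) \in r .
\end{aligned}$$

Using AC on the $\forall a_2 \exists a_3$, we obtain:

$$\begin{aligned}
(s_1, s_2, s_3) \in r \ \Rightarrow\ & (\forall a_1 \in A_1(s_1)) \\
& (\exists f \in A_2(s_2) \to A_3(s_3)) \\
& (\forall a_2 \in A_2(s_2))\,\boldsymbol{(\forall d_3 \in D_3(s_3, f(a_2)))} \\
& (\exists d_1 \in D_1(s_1, a_1))\,\boldsymbol{(\exists d_2 \in D_2(s_2, a_2))} \\
& (s_1[a_1/d_1],\, s_2[a_2/d_2],\, s_3[f(a_2)/d_3]) \in r .
\end{aligned}$$

We can now apply AC on $\forall d_3 \exists d_2$:

$$\begin{aligned}
(s_1, s_2, s_3) \in r \ \Rightarrow\ & (\forall a_1 \in A_1(s_1)) \\
& (\exists f \in A_2(s_2) \to A_3(s_3)) \\
& \boldsymbol{(\forall a_2 \in A_2(s_2))} \\
& \boldsymbol{(\exists g \in D_3(s_3, f(a_2)) \to D_2(s_2, a_2))} \\
& (\forall d_3 \in D_3(s_3, f(a_2))) \\
& (\exists d_1 \in D_1(s_1, a_1)) \\
& (s_1[a_1/d_1],\, s_2[a_2/g(d_3)],\, s_3[f(a_2)/d_3]) \in r
\end{aligned}$$

and apply AC one more time on $\forall a_2 \exists g$ to obtain:

$$\begin{aligned}
(s_1, s_2, s_3) \in r \ \Rightarrow\ & (\forall a_1 \in A_1(s_1)) \\
& (\exists f \in A_2(s_2) \to A_3(s_3)) \\
& \Big(\exists G \in \prod_{a_2 \in A_2(s_2)} D_3(s_3, f(a_2)) \to D_2(s_2, a_2)\Big) \\
& (\forall a_2 \in A_2(s_2))\,(\forall d_3 \in D_3(s_3, f(a_2))) \\
& (\exists d_1 \in D_1(s_1, a_1)) \\
& (s_1[a_1/d_1],\, s_2[a_2/G_{a_2}(d_3)],\, s_3[f(a_2)/d_3]) \in r
\end{aligned}$$

which is equivalent to

$$\begin{aligned}
(s_1, s_2, s_3) \in r \ \Rightarrow\ & (\forall a_1 \in A_1(s_1)) \\
& \Big(\exists (f, G) \in \sum_{f \in A_2(s_2) \to A_3(s_3)} \ \prod_{a_2 \in A_2(s_2)} D_3(s_3, f(a_2)) \to D_2(s_2, a_2)\Big) \\
& \Big(\forall (a_2, d_3) \in \sum_{a_2 \in A_2(s_2)} D_3(s_3, f(a_2))\Big) \\
& (\exists d_1 \in D_1(s_1, a_1)) \\
& (s_1[a_1/d_1],\, s_2[a_2/G_{a_2}(d_3)],\, s_3[f(a_2)/d_3]) \in r
\end{aligned}$$

By definition, this means that $r$ is a simulation from $w_1$ to $w_2 \multimap w_3$. Once more, all this formal manipulation keeps the computational content of the simulations. (Because AC is constructively valid.) □

† This form of the axiom of choice is provable in Martin-Löf's type theory or in the calculus of constructions...

‡ modulo associativity $(S_1 \times S_2) \times S_3 \simeq S_1 \times (S_2 \times S_3) \simeq S_1 \times S_2 \times S_3$...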

The notion of safety property from corresponds to simulations from $1$ to $w$, or equivalently, subsets $x$ of $S$ such that:

$$s \in x \ \Rightarrow\ (\exists a \in A(s))\,(\forall d \in D(s, a))\quad s[a/d] \in x .$$

The analogy with strategies should be obvious: if $x$ is a safety property, and $s \in x$ then the Angel has a strategy to avoid deadlocks, starting from $s$.
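
On a finite interaction system the safety-property condition can be checked mechanically, and the Angel's strategy can be read off from it. The following Python sketch is an added example, not code from the paper: the system `W`, its state and action names, and all function names are constructed for illustration. It computes the largest safety property by fixpoint iteration, extracts a strategy, and checks that the product of two safety properties is a safety property of the synchronous product of Definition 5.

```python
# Added example (not from the paper): a constructed finite interaction system.
# W[s][a][d] is the next state s[a/d]; A(s) = W[s].keys(), D(s, a) = W[s][a].keys().
W = {
    "s0": {"a": {"x": "s0", "y": "s1"}},
    "s1": {"safe": {"ok": "s0"}, "risky": {"l": "s1", "r": "s2"}},
    "s2": {"risky": {"l": "s0", "r": "s3"}, "exit": {"ok": "abort"}},
    "s3": {"go": {"ok": "abort"}},
    "abort": {},            # no action at all: the Angel is deadlocked
    "magic": {"*": {}},     # an action without reaction: the Demon is deadlocked
}


def winning_actions(w, x, s):
    """Actions a in A(s) such that every d in D(s, a) gives s[a/d] in x."""
    return [a for a, ds in w[s].items() if all(t in x for t in ds.values())]


def is_safety_property(w, x):
    """Check: s in x  =>  (exists a in A(s)) (forall d in D(s, a)) s[a/d] in x."""
    return all(winning_actions(w, x, s) for s in x)


def greatest_safety_property(w):
    """Largest safety property: discard states with no winning action until
    nothing changes (a greatest fixpoint; terminates because w is finite)."""
    x = set(w)
    while True:
        keep = {s for s in x if winning_actions(w, x, s)}
        if keep == x:
            return x
        x = keep


def strategy(w, x):
    """Computational content of a safety property: one witness action per state."""
    if not is_safety_property(w, x):
        raise ValueError("x is not a safety property")
    return {s: winning_actions(w, x, s)[0] for s in x}


def play(w, strat, s, demon):
    """Follow the Angel's strategy against a sequence of Demon choice functions.
    Each choice function picks one reaction from the sorted list of D(s, a)."""
    trace = [s]
    for choose in demon:
        reactions = w[s][strat[s]]
        if not reactions:          # the Demon is deadlocked: the play stops here
            break
        s = reactions[choose(sorted(reactions))]
        trace.append(s)
    return trace


def tensor(w1, w2):
    """Synchronous product of Definition 5: pairs of states, actions, reactions."""
    return {
        (s1, s2): {
            (a1, a2): {(d1, d2): (t1, t2)
                       for d1, t1 in w1[s1][a1].items()
                       for d2, t2 in w2[s2][a2].items()}
            for a1 in w1[s1] for a2 in w2[s2]
        }
        for s1 in w1 for s2 in w2
    }


if __name__ == "__main__":
    X = greatest_safety_property(W)
    print(sorted(X))
    print(play(W, strategy(W, X), "s0", [max, max, min]))
```

The state `s2` is only discarded in the third round of the iteration, after `abort` and then `s3` have been removed; the `magic` state stays because the universal quantifier over an empty set of reactions holds vacuously.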

Multithreading. We now come to the last connective needed to interpret the λ-calculus. Its computational interpretation is related to the notion of multithreading, i.e. the possibility to run several instances of a program in parallel. Let's start by defining synchronous multithreading in the most obvious way:

Definition 7. If $w$ is an interaction system on $S$, define $L(w)$, the multithreaded version of $w$, to be the interaction system on $\mathrm{List}(S)$ with:

    $L.A((s_1, \ldots, s_n)) = A(s_1) \times \cdots \times A(s_n)$

    $L.D((s_1, \ldots, s_n), (a_1, \ldots, a_n)) = D(s_1, a_1) \times \cdots \times D(s_n, a_n)$

    $L.n((s_1, \ldots, s_n), (a_1, \ldots, a_n), (d_1, \ldots, d_n)) = (s_1[a_1/d_1], \ldots, s_n[a_n/d_n])$ .

This interaction system is just an "$n$-ary" version of the synchronous product. To get the abstract properties we want, we need to "quotient" multithreading by permutations. Just like multisets are lists modulo permutations, so is $!w$ the multithreaded $L(w)$ modulo permutations. This definition is possible because $L(w)$ is "compatible" with permutations: if $\sigma$ is a permutation, we have

$$\sigma \cdot \big((s_1, \ldots, s_n)[(a_1, \ldots, a_n)/(d_1, \ldots, d_n)]\big) = (\sigma \cdot (s_1, \ldots, s_n))[\sigma \cdot (a_1, \ldots, a_n)/\sigma \cdot (d_1, \ldots, d_n)] .$$

The final definition is:

Definition 8. If $w$ is an interaction system on $S$, define $!w$ to be the following interaction system on $\mathcal{M}_f(S)$:

    $!D(\mu, (s, a)) = L.D(s, a)$
    $!n(\mu, (s, a), d) = \mathfrak{S} \cdot L.n(s, a, d)$ .

Unfolded, it gives:

— an action in state $\mu$ (a multiset) is given by an element $s$ of the equivalence class (a list) together with an element $a$ in $L.A(s)$ (a list of actions);

— a reaction is given by a list of reactions $d$ in $L.D(s, a)$;

— the next state is the equivalence class containing the list $s[a/d]$ (the orbit of $s[a/d]$ under the action of the group of permutations).

This operation enjoys a very strong algebraic property: 

Proposition 2. "$!\_$" is a comonad in Int.

Proof. We need to find two operations:

— $\varepsilon_w : {!w} \to w$ defined as $\varepsilon_w = \{([s], s) \mid s \in S\}$;

— and $\delta_w : {!!w} \to {!w}$ defined as the graph of the "concat" function:

For any $w$, those operations are indeed simulations: for $\varepsilon_w$, it is quite obvious, and for $\delta_w$, it is quite painful to write. Let's only give an example from which the general case can easily be inferred:

1. we have $([[s_1, s_2, s_3], [t_1], []],\ [s_1, s_2, s_3, t_1]) \in \delta_w$;

2. for any command $((a_1, a_2, a_3), (b_1), ())$ in state $[[s_1, s_2, s_3], [t_1], []]$, we need to find an action in $[s_1, s_2, s_3, t_1]$: simply take $(a_1, a_2, a_3, b_1)$;

3. for any reaction $(d_1, d_2, d_3, e_1)$ to this action, we need to find a reaction to the original command, i.e. to $((a_1, a_2, a_3), (b_1), ())$: take $((d_1, d_2, d_3), (e_1), ())$;

4. the next states are respectively

- $[[n(s_1, a_1, d_1), n(s_2, a_2, d_2), n(s_3, a_3, d_3)], [n(t_1, b_1, e_1)], []]$

- and $[n(s_1, a_1, d_1), n(s_2, a_2, d_2), n(s_3, a_3, d_3), n(t_1, b_1, e_1)]$.

They are indeed related through $\delta_w$.

To be really precise, one would need to manipulate lists of states (representatives of the multisets); but this only makes the proof even less readable.

Checking that the appropriate diagrams commute is immediate. It only involves the underlying sets and relations, and not the interaction systems or simulation conditions. (In fact, finite multisets form a comonad in the category of sets and relations...) □

2 Interpreting the λ-Calculus

We now have all the ingredients to give a denotational model for the typed λ-calculus: a type $\tau$ will be interpreted by an interaction system $\tau^*$; and a judgement "$x_1 : \tau_1, \ldots, x_n : \tau_n \vdash t : \tau$" will be interpreted by a simulation from $!\tau_1^* \otimes \cdots \otimes {!\tau_n^*}$ to $\tau^*$.

2.1 Typing rules

The typing rules for the simply typed λ-calculus are given below:

1. $\dfrac{}{\Gamma \vdash x : \omega}$ if $x : \omega$ appears in $\Gamma$;

2. $\dfrac{\Gamma \vdash t : \omega \to \omega' \qquad \Gamma \vdash u : \omega}{\Gamma \vdash (t)u : \omega'}$;

3. $\dfrac{\Gamma, x : \omega \vdash t : \omega'}{\Gamma \vdash \lambda x.t : \omega \to \omega'}$.

We follow Krivine's notation for the application and write "$(t)u$" for the application of $t$ to $u$.

2.2 Interpretation of Types 

We assume a set of type variables ("propositional variables"): $X, \ldots$ Nothing depends on the valuation we give to those type variables, so that we are almost interpreting $\Pi^1$ λ-calculus.†

For a valuation $\rho$ from type variables to interaction systems, the interpretation of types is defined in the usual way:

Definition 9. Let $\omega$ be a type. Define the interpretation $\omega^*$ of $\omega$ as:

- $X^* = \rho(X)$;

- $(\omega \to \omega')^* = {!\omega^*} \multimap \omega'^*$.

† System-F in which all the quantifiers appear at the beginning of the term. To get an idea on how to get a real model of system-F, refer to [10].



2.3 Interpretation of Terms 

If $\omega$ is a type, write $|\omega|$ for the set of states of its interpretation:

— $|X_i| = S_i$ (set of states of $\rho(X_i)$);

— $|\omega \to \omega'| = \mathcal{M}_f(|\omega|) \times |\omega'|$.

A valuation is a way to interpret typed variables from the context:

Definition 10. If $\Gamma = x_1 : \omega_1, \ldots, x_n : \omega_n$ is a context, an environment for $\Gamma$ is a tuple $\gamma$ in $\mathcal{M}_f|\omega_1| \times \cdots \times \mathcal{M}_f|\omega_n|$. To simplify notation, we may write the tuple $\gamma = (\mu_1, \ldots, \mu_n)$ as "$x_1 := \mu_1, \ldots, x_n := \mu_n$". We may also write $\gamma(x)$ for the projection of $\gamma$ on the appropriate coordinate. Sum of tuples of multisets is defined pointwise.

We now interpret judgements: if we can type $\Gamma \vdash t : \omega'$ and if $\gamma$ is an environment for $\Gamma$, the interpretation $[\![t]\!]_\gamma$ of term $t$ in environment $\gamma$ is a subset of $|\omega'|$ defined as follows:

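Definition 11. We define $[\![t]\!]_\gamma$ by induction on $t$:

1. if we have $\dfrac{}{\Gamma \vdash x : \omega}$ with $x : \omega$ in $\Gamma$,

then $[\![x]\!]_\gamma = \{s\}$ if $\gamma(x) = [s]$ and $\gamma(y) = []$ whenever $x \neq y$, and $[\![x]\!]_\gamma = \emptyset$ otherwise;

2. if we have $\dfrac{\Gamma \vdash t : \omega \to \omega' \qquad \Gamma \vdash u : \omega}{\Gamma \vdash (t)u : \omega'}$,

then $s \in [\![(t)u]\!]_\gamma$ iff $(\mu, s) \in [\![t]\!]_{\gamma_0}$ for some $\mu = [s_1, \ldots, s_n] \in \mathcal{M}_f|\omega|$ s.t. $s_i \in [\![u]\!]_{\gamma_i}$ for all $i = 1, \ldots, n$ and $\gamma = \gamma_0 + \gamma_1 + \cdots + \gamma_n$;

3. if we have $\dfrac{\Gamma, x : \omega \vdash t : \omega'}{\Gamma \vdash \lambda x.t : \omega \to \omega'}$,

then $[\![\lambda x.t]\!]_\gamma = \{(\mu, s) \mid \mu \in \mathcal{M}_f|\omega|,\ s \in [\![t]\!]_{\gamma, x := \mu}\}$.

It is immediate to check that this definition is well formed.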

If $\Gamma = x_1 : \omega_1, \ldots, x_n : \omega_n$, write $!\Gamma$ for $!\omega_1 \otimes \cdots \otimes {!\omega_n}$; similarly, we omit the superscript $\_^*$ and write $\omega$ for $\omega^*$. The interpretation of terms is correct in the following sense:

Proposition 3. Suppose that $\Gamma \vdash t : \omega'$, then the relation "$\_ \in [\![t]\!]_{\_}$" is a simulation relation from $!\Gamma$ to $\omega'$.

In other words, if $s \in [\![t]\!]_\gamma$, then $s$ (in $\omega'$) simulates $\gamma$ (in $!\Gamma$).

This is quite surprising because the interpretation of $t$ doesn't depend on the interaction systems used to interpret the types but only on the underlying set of states.†

† The interpretation is called the relational interpretation: it can be defined in the category of sets and relations...



Proof. We work by induction on the structure of the type inference.

1. Axiom: it amounts to showing that $\{([], \ldots, [], [s], [], \ldots, [], s) \mid s \in |\omega|\}$ is a simulation from $!\Gamma$ to $\omega$. This is easy: the only actions available in state $([], \ldots, [s], [], \ldots)$ are of the form $((), \ldots, (a), (), \ldots)$ where $a \in A(s)$, and they are simulated by the action $a$. The reaction $d$ is translated back into the reaction $((), \ldots, (d), (), \ldots)$; and the rest is obvious.

2. Application: suppose we have $s \in [\![(t)u]\!]_\gamma$. By definition, we know that we have $(\mu, s) \in [\![t]\!]_{\gamma_0}$ for some $\mu = [s_1, \ldots, s_n]$ s.t. each $s_i$ is in $[\![u]\!]_{\gamma_i}$ for a partition $\gamma = \gamma_0 + \gamma_1 + \cdots + \gamma_n$.

By induction hypothesis, we thus know that $(\mu, s)$ (in $\omega \to \omega'$) simulates $\gamma_0$ (in $!\Gamma$); and that any $s_i$ (in $\omega$) simulates $\gamma_i$ (in $!\Gamma$).

Rather than doing the full formal proof (which involves many indices), we'll show how it works on an example. The general case can easily be deduced from that.

Suppose $\Gamma$ is reduced to a single assumption $x : \nu$ so that $\gamma$ is reduced to a single multiset, $[v_1, v_2, v_3]$ for our example. Suppose $s \in [\![(t)u]\!]_{x := [v_1, v_2, v_3]}$ because:

- $([t_1, t_2], s) \in [\![t]\!]_{x := [v_2]}$;

- $t_1 \in [\![u]\!]_{x := [v_1, v_3]}$ and $t_2 \in [\![u]\!]_{x := []}$.

We need to show that $s$ simulates $[v_1, v_2, v_3]$:

(a) suppose $a_1 \in A_\nu(v_1)$, $a_2 \in A_\nu(v_2)$ and $a_3 \in A_\nu(v_3)$;

(b) we need to find an action in $A_{\omega'}(s)$ simulating $(a_1, a_2, a_3)$:

(1) by induction hypothesis, $t_1$ simulates $[v_1, v_3]$, so that we can find an action $b_1 \in A_\omega(t_1)$ simulating $(a_1, a_3)$;

(2) similarly, $t_2$ simulates $[]$, so that we can find an action $b_2 \in A_\omega(t_2)$ simulating $()$;

(3) we also have that $([t_1, t_2], s)$ (in $\omega \to \omega'$) simulates $[v_2]$ (in $!\nu$). By Proposition 1 this is equivalent to saying that $s$ (in $\omega'$) simulates $([v_2], [t_1, t_2])$ (in $!\nu \otimes {!\omega}$).

Thus, we can find an action $a \in A_{\omega'}(s)$ simulating $((a_2), (b_1, b_2))$. By composing the above two simulations on the right ($(b_1, b_2)$ simulates $(a_1, a_3)$), we thus obtain that $a$ simulates $(a_1, a_2, a_3)$.

We now need to translate the reactions back: let $d \in D_{\omega'}(s, a)$,

(3) by induction, we can translate $d$ into a reaction $((d_2), (e_1, e_2))$ to $((a_2), (b_1, b_2))$;

(2) we can translate $e_2$ into a reaction $()$ to $b_2$;

(1) and finally we can translate $e_1$ into a reaction $(d_1, d_3)$ to $(a_1, a_3)$.

Thus, we obtain reactions $d_1 \in D_\nu(v_1, a_1)$, $d_2 \in D_\nu(v_2, a_2)$ and $d_3 \in D_\nu(v_3, a_3)$.

(c) The new states we get from those actions/reactions are: $s[a/d]$ on one side; and $[v_1[a_1/d_1], v_2[a_2/d_2], v_3[a_3/d_3]]$ on the other side. They are indeed related because:

(1) $t_1[b_1/e_1] \in [\![u]\!]_{x := [v_1[a_1/d_1], v_3[a_3/d_3]]}$;

(2) $t_2[b_2/e_2] \in [\![u]\!]_{x := []}$;

(3) and finally $([t_1[b_1/e_1], t_2[b_2/e_2]],\ s[a/d]) \in [\![t]\!]_{x := [v_2[a_2/d_2]]}$.

3. Abstraction: this is immediate. Suppose $(\mu, s) \in [\![\lambda x.t]\!]_\gamma$; we need to show that $(\mu, s)$ (in $\omega \to \omega'$) simulates $\gamma$ (in $!\Gamma$). By Proposition 1 this is equivalent to showing that $s$ (in $\omega'$) simulates $(\gamma, \mu)$ (in $!\Gamma \otimes {!\omega}$). This is exactly the induction hypothesis.

□

To summarise all this, here is a tentative rewording of the above: if $\Gamma \vdash t : \omega$,

(1) each type represents a process;

(2) each process in the context can be run in parallel multiple times;

(3) the environment $\gamma$ represents the initial states for the context;

(4) if $s \in [\![t]\!]_\gamma$ then $s$ can be used as an initial state to simulate $\gamma$;

(5) the algorithm for the simulation is contained in $t$.

To finish the justification that we have a denotational model, we now need to check that the interpretation is invariant by β-reduction.

Proposition 4. For all terms $t$ and $u$ and environment $\gamma$, we have

$$[\![(\lambda x.t)u]\!]_\gamma = [\![t[u/x]]\!]_\gamma .$$

The proof works by induction and is neither really difficult nor very interesting. It can be found on http://iml.univ-mrs.fr/~hyvernat/academics.html.

3 Interpreting the Differential λ-calculus

Simulation relations from $w$ to $w'$ enjoy the additional property that they form a complete sup-lattice:

Lemma 2. The empty relation is always a simulation from any $w$ to $w'$; and if $(r_i)_{i \in I}$ is a family of simulations from $w$ to $w'$, then $\bigcup_{i \in I} r_i$ is also a simulation from $w$ to $w'$.

The proof is immediate...

Unfortunately, this doesn't reflect any property of λ-terms. The reason is that (1) not every type is inhabited, and (2) we do not see a priori how to take the union of two terms. For example, what is the meaning of $\lambda x \lambda y.x \cup \lambda x \lambda y.y$ in the type $X \to X$?†

† In terms of usual datatypes translation, this term would be $t \cup f$ in the type $\mathbf{B}$.

Ehrhard and Regnier's differential λ-calculus ([6]) extends the λ-calculus by adding a notion of differentiation of λ-terms. One consequence is that we need to have a notion of sum of arbitrary terms, interpreted as a non-deterministic choice. It is not the right place to go into the details of the differential λ-calculus and we refer to [5] for motivations and a complete description.

In the typed case, we have the following typing rules:

1. $\dfrac{}{\Gamma \vdash 0 : \omega}$ and $\dfrac{\Gamma \vdash t : \omega \qquad \Gamma \vdash u : \omega}{\Gamma \vdash t + u : \omega}$;

2. $\dfrac{\Gamma \vdash t : \omega \to \omega' \qquad \Gamma \vdash u : \omega}{\Gamma \vdash \mathrm{D}\,t \cdot u : \omega \to \omega'}$.

The intuitive meaning is that "$\mathrm{D}\,t \cdot u$" is the result of (non-deterministically) replacing exactly one occurrence of the first variable of $t$ by $u$. We thus obtain a sum of terms, depending on which occurrence was replaced. This gives a notion of differential substitution (or linear substitution) which yields a differential reduction. The rules governing this reduction are more complex than usual β-reduction rules. We refer to [6] for a detailed description.

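We extend the interpretation of terms in the following way:

Definition 12. Define the interpretation of a typed differential λ-term by induction on the type inference:

1. if we have $\dfrac{}{\Gamma \vdash 0 : \omega}$, then we put $[\![0]\!]_\gamma = \emptyset$;

2. if we have $\dfrac{\Gamma \vdash t : \omega \qquad \Gamma \vdash u : \omega}{\Gamma \vdash t + u : \omega}$,

then we put $[\![t + u]\!]_\gamma = [\![t]\!]_\gamma \cup [\![u]\!]_\gamma$;

3. if we have $\dfrac{\Gamma \vdash t : \omega \to \omega' \qquad \Gamma \vdash u : \omega}{\Gamma \vdash \mathrm{D}\,t \cdot u : \omega \to \omega'}$,

then we put $(\mu, s') \in [\![\mathrm{D}\,t \cdot u]\!]_\gamma$ iff $(\mu + [s], s') \in [\![t]\!]_{\gamma_1}$ for some $s \in [\![u]\!]_{\gamma_2}$ s.t. $\gamma = \gamma_1 + \gamma_2$.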

Proposition 3 extends as well:

Proposition 5. Suppose that $\Gamma \vdash t : \omega'$ where $\Gamma$ is a context and $t$ a differential λ-term. The relation "$\_ \in [\![t]\!]_{\_}$" is a simulation relation from $!\Gamma$ to $\omega'$.

Proof. The proof for the sum and the $0$ are contained in proposition 2.

For differentiation, suppose we have $(\mu, s') \in [\![\mathrm{D}\,t \cdot u]\!]_\gamma$, i.e. $(\mu + [s], s') \in [\![t]\!]_{\gamma_1}$ for some $s \in [\![u]\!]_{\gamma_2}$ with $\gamma = \gamma_1 + \gamma_2$. We need to show that $(\mu, s')$ (in $\omega \to \omega'$) simulates $\gamma$ (in $!\Gamma$). Since $\gamma = \gamma_1 + \gamma_2$, it is enough to show that we can simulate $(\gamma_1, \gamma_2)$ (in $!\Gamma \otimes {!\Gamma}$).

By Proposition 1 this is equivalent to showing that $s'$ (in $\omega'$) simulates $(\gamma_1, \gamma_2, \mu)$ (in $!\Gamma \otimes {!\Gamma} \otimes {!\omega}$).

Let $a_{\gamma_1} \in {!A_\Gamma}(\gamma_1)$, $a_{\gamma_2} \in {!A_\Gamma}(\gamma_2)$ and $a_\mu \in {!A_\omega}(\mu)$; we need to find an action in $A_{\omega'}(s')$ to simulate $(a_{\gamma_1}, a_{\gamma_2}, a_\mu)$:

(1) by induction hypothesis, we know that $s$ (in $\omega$) simulates $\gamma_2$ (in $!\Gamma$); so that we can find an action $a \in A_\omega(s)$ simulating $a_{\gamma_2}$;

(2) by induction, we know that $s'$ (in $\omega'$) simulates $(\gamma_1, \mu + [s])$ (in $!\Gamma \otimes {!\omega}$), so that we can find an action $a' \in A_{\omega'}(s')$ simulating $(a_{\gamma_1}, (a_\mu, a))$.

Since $a$ simulates $a_{\gamma_2}$, by composition, $a'$ simulates $(a_{\gamma_1}, (a_\mu, a_{\gamma_2}))$; and by associativity and commutativity, we can thus simulate $(a_{\gamma_1}, a_{\gamma_2}, a_\mu)$.

To translate back a reaction $d'$ to $a'$ into a reaction $(d_{\gamma_1}, d_{\gamma_2}, d_\mu)$, we proceed similarly:

(2) by induction, we can translate $d'$ into a reaction $(d_{\gamma_1}, d_\mu, d)$ to $(a_{\gamma_1}, (a_\mu, a))$;

(1) by induction, we can also translate the reaction $d$ (in $D_\omega(s, a)$) into a reaction

We thus obtain reactions $d_{\gamma_1}$, $d_{\gamma_2}$ and $d_\mu$ as desired. That the resulting next states are still related is quite obvious... □

We now need to check that the interpretation is invariant by β-reduction and differential reduction.

Proposition 6. For all differential terms $t$ and $u$ and environment $\gamma$, we have:

$$[\![(\lambda x.t)u]\!]_\gamma = [\![t[u/x]]\!]_\gamma$$

$$[\![\mathrm{D}(\lambda x.t) \cdot u]\!]_\gamma = [\![\lambda x.(\partial t/\partial x) \cdot u]\!]_\gamma$$

Just like for Proposition 4, the proof is quite easy but tedious. The interested reader can find it at http://iml.univ-mrs.fr/~hyvernat/academics.html.

Conclusion 

Technically speaking, this work is not very different from [T^], which is itself quite close to [11]. The main reasons for producing it are:

— first, it shows that we can give a computational content to the notion of simulation if we do not try to interpret all of linear logic;

— second, it shows that some of the additional structure of interaction systems and simulations does have a logical significance. We showed that by interpreting the differential λ-calculus.

Even if we haven't done it formally, it is quite easy to extend the model to full intuitionistic linear logic while keeping the computational content of simulations. To define the additive, we use the definition of $\oplus$ from [12].

It is in principle possible to formalise all the above in a proof assistant (Agda or Coq [5] come to mind).† From such a system, one could extract the simulations. For example, a term of type $T \to T'$ would give an algorithm simulating many synchronous occurrences of $T$ by a single occurrence of $T'$.

† One needs to be careful to be able to deal with the notion of equivalence classes used in the definition of $!w$. The idea is to use interaction systems on "setoids", where the equivalence relation is a simulation...

It is however difficult to apply this to obtain real-life simulations. The problem is that we only get "purely logical" simulations. Simulations of interest for applications rely heavily on the different interaction systems used. One way to get more interesting simulations (from a practical point of view) might be to use constant interaction systems (booleans, natural numbers, or more practical ones like stacks, memory cells, etc.) as ground types, together with specific simulations (the values true and false, successor function, or more practical simulations) as inhabitants of specific types.

In pretty much the same way as [H] makes Int into a denotational model for classical linear logic, we can make interaction systems into a denotational model for "classical differential linear logic": differential interaction nets [7]. This system doesn't make much sense logically speaking, but seems to enjoy a relationship with process calculi. This is an encouraging direction of research.